People 'n' Issues

These employees will cause your data breach

June 19th, 2017

When it comes to cybercrime, it is easy to imagine that the biggest threat to your company is external. However, companies are realizing that trusted employees can also pose a threat, says CAREY VAN VLAANDEREN, CEO Of ESET SA.

While some attacks and breaches are caused by employees with a grudge, many occur due to negligence – perhaps ignoring a warning; failing to allow procedure – or simple human error. We have identified three types of employees that can cause a data breach.

Innocent Actions

When it comes to a breach of data, innocent workers can cause as much damage as malicious hackers. Examples – and true-life stories – of human errors are: a mobile phone being lost, letters being misaddressed and even a filing cabinet containing sensitive data being sold to a third party.

Careless of Negligent

You now the security warning that flashes up on your screen – do you always take immediate action?

A survey by Google in 2013 discovered that 25 million Chrome warnings were ignored by 70.2% of the time partly due to the users’ lack of technical knowledge, which led to the tech giant simplifying language it uses for its warnings.

Malicious

Unfortunately, as well as human error, malicious actions by employees also play a part in insider data breaches. This is illustrated by the story of the UK’s communications regulator OFCOM, which discovered in 2016 that a former employee had sneakily been gathering its third-party data. Shockingly, the malicious activity had been taking place over a six-year period.

And with the impact of a data leak causing damage to businesses, including financial loss and the damage to a firm’s reputation, it is unsurprising that companies are open to finding ways to mitigate and limit computer misuse.

Increase employee awareness

Perhaps the most logical step for employers is to ensure that all employees are aware of the potential impact of their actions, and how to avoid inadvertent data loss. It is also important to involve all employees in appropriate training, rather than simply those involved directly with IT.

Keep information safe

There are many reasons why one should encrypt data – while not embraced by all, encrypting data could be an important part of preventing data loss.

Monitor data, and behaviours

Keeping a close eye on computer use and the behaviour of individuals should enable businesses to remain aware of and identify unusual or risky activity. BYOD (Bring your own device) schemes which operate in many companies should also be carefully monitored and controlled.

Look to the future

With the risk posed by employees – however innocent – potentially catastrophic to business, it is hardly surprising that employers seem set to take a much tougher approach to insider security threats in future years.

Your email address will not be published. Required fields are marked *

Comment

Name *

Email *

Website

8 − 8 =

Gadget on Youtube

Goldstuck on Gadgets: Cooking with air
No, it hasn't become a cooking show, but this gadget can transform the cooking experience. Lucy Jones of Philips is back in the BrandTV studio to show Arthur Goldstuck how it's done.

News

The Internet Society (ISOC) has released a report aimed at exploring the future of the Internet. It highlights the need to do more to prepare the Internet for the future and poses questions into our readiness for what’s next.